Qualcomm Steps Up To Fight Android Malware And App Privacy Violations

The openness of Google's Android operating system gives consumers lots of options for what they can put on their phones, but it also leaves users open to some nasty malware and apps that don't exactly view user privacy as a top concern.

Mobile chipmaking giant Qualcomm is hoping to tamp down some of these worries about the Android ecosystem with Snapdragon Smart Protect, which it announced on Monday.

Smart Protect keeps tabs on how apps are behaving to look for any signs of maliciousness. If your phone screen is turned off, for example, yet an app is trying to send an SMS, that could be a reason for concern, and Smart Protect will alert the user.

The software only works for Android phones equipped with Qualcomm's Snapdragon processor. (With the exception of Samsung's latest phones, nearly every high-end phone uses Snapdragon processors.) It will first be available in Qualcomm's upcoming Snapdragon 820 chip due out in Android phones sometime next year.

Qualcomm isn't developing the front-end experience for this. Instead, it's partnering with antivirus software developers and phone makers to take advantage of the product. So far, three antivirus app makers have signed up for Smart Protect: Lookout, AVG and Avast.

For the most part, mobile antivirus apps are sandboxed and aren't able to get much of a view into what other apps are doing. Using Qualcomm's APIs for Smart Protect, the antivirus app can get deeper access into the phone hardware and is able to pick up a wider range of application behavior.

Smart Protect's behavioral analysis approach to fighting malware is designed to complement what traditional antivirus software does. "The only way to have full visibility into a system is to go down in the technology stack and be very close to the hardware to see what's happening," said Asaf Ashkenazi, a director of product management at Qualcomm. "That's something that only we can do."

In a demo on a Qualcomm reference phone, the San Diego chipmaker showed off how when a Chinese voice chat app is launched, the Smart Protect program alerts the user that the app is accessing their contacts and is attempting to send an SMS -- all without any input from the user. These are behaviors Qualcomm classifies as both malware and spyware. In a popup box, the user can decide to either uninstall the app or let it keep running.

Sometimes, the line between a malicious app and an app just doing its normal functions can be a grey area. Users can indifferently give an app permission to access contacts, photos and a whole lot more when it's not clear why that app needs all that access. For instance, a user may be okay with a notes app getting access to their phone's camera, but they may not be okay with the notes app accessing the camera when the screen is turned off. Qualcomm's Smart Protect makes it a little more transparent to users what these apps are doing in the background.

"If the user knows what the app is doing in the background, they can make better decisions," said Ashkenazi. "It could be non-malware and Google could okay it, but some people may not be comfortable with what the app is doing."

Most Android users likely won't have the problems Qualcomm is trying to fix if they stick to the Google Play Store, where the search giant keeps a close eye on what apps users can download. Third-party Android app stores in places like China and the Middle East are where malware looms large. Still, even apps that have been deemed acceptable on the Google Play Store have been identified as being problematic to user privacy -- a bunch of Android flashlight apps were shown to unnecessarily track user location persistently as well as other information. As a result, the Federal Trade Commission started cracking down on some of these apps.

Ultimately what Qualcomm hopes to do with Smart Protect is keep people from fleeing the Android phone ecosystem. "We're doing this because we want to make sure users are getting the best experience and know what's going on with their device, so people aren't afraid to use Android devices," said Ashkenazi. "We want to sell chips. We want more people to use our devices. But if people are less concerned, it will be better for the entire ecosystem, not just Qualcomm."